image: use longterm release of the Linux kernel (#2228)

2024-09-19 15:56:03 +00:00 · 2023-08-16 10:42:48 +02:00 · 2023-08-16 10:42:48 +02:00 · 78fa921746
commit 78fa921746
parent ed0bfd9d41
8 changed files with 18 additions and 35 deletions
--- a/image/Makefile
+++ b/image/Makefile
@ -23,12 +23,9 @@ variants := aws_aws-sev-snp aws_aws-nitro-tpm azure_azure-sev-snp gcp_gcp-sev-es
 certs := $(PKI)/PK.cer $(PKI)/KEK.cer $(PKI)/db.cer

 SYSTEMD_FIXED_RPMS := systemd-251.11-2.fc37.x86_64.rpm systemd-libs-251.11-2.fc37.x86_64.rpm systemd-networkd-251.11-2.fc37.x86_64.rpm systemd-pam-251.11-2.fc37.x86_64.rpm systemd-resolved-251.11-2.fc37.x86_64.rpm systemd-udev-251.11-2.fc37.x86_64.rpm
-AWS_FIXED_RPMS := kernel-6.1.34-59.116.amzn2023.x86_64.rpm
-AZURE_FIXED_KERNEL_RPMS := kernel-6.1.18-200.fc37.x86_64.rpm kernel-core-6.1.18-200.fc37.x86_64.rpm kernel-modules-6.1.18-200.fc37.x86_64.rpm
-GCP_FIXED_KERNEL_RPMS := kernel-6.1.18-200.fc37.x86_64.rpm kernel-core-6.1.18-200.fc37.x86_64.rpm kernel-modules-6.1.18-200.fc37.x86_64.rpm
+KERNEL_RPMS := kernel-6.1.45-100.constellation.fc38.x86_64.rpm kernel-core-6.1.45-100.constellation.fc38.x86_64.rpm kernel-modules-6.1.45-100.constellation.fc38.x86_64.rpm kernel-modules-core-6.1.45-100.constellation.fc38.x86_64.rpm
 PREBUILD_RPMS_SYSTEMD := $(addprefix prebuilt/rpms/systemd/,$(SYSTEMD_FIXED_RPMS))
-PREBUILT_RPMS_AZURE := $(addprefix prebuilt/rpms/azure/,$(AZURE_FIXED_KERNEL_RPMS))
-PREBUILT_RPMS_AWS := $(addprefix prebuilt/rpms/aws/,$(AWS_FIXED_RPMS))
+PREBUILD_RPMS_KERNEL := $(addprefix prebuilt/rpms/kernel/,$(KERNEL_RPMS))

 .PHONY: all clean inject-bins $(csps) $(variants)

@ -49,15 +46,10 @@ prebuilt/rpms/systemd/%.rpm:
 	@mkdir -p $(@D)
 	@curl -fsSL -o $@ https://kojipkgs.fedoraproject.org/packages/systemd/251.11/2.fc37/x86_64/$*.rpm

-prebuilt/rpms/aws/kernel-6.1.34-59.116.amzn2023.x86_64.rpm:
+prebuilt/rpms/kernel/%.rpm:
 	@echo "Downloading $*"
 	@mkdir -p $(@D)
-	@curl -fsSL -o $@ https://cdn.confidential.cloud/constellation/kernel/6.1.34-59.116.amzn2023/kernel-6.1.34-59.116.amzn2023.x86_64.rpm
-
-prebuilt/rpms/azure/%.rpm:
-	@echo "Downloading $*"
-	@mkdir -p $(@D)
-	@curl -fsSL -o $@ https://kojipkgs.fedoraproject.org/packages/kernel/6.1.18/200.fc37/x86_64/$*.rpm
+	@curl -fsSL -o $@ https://cdn.confidential.cloud/constellation/kernel/6.1.45-100.constellation/$*.rpm

 mkosi.output.%/fedora~38/image.raw: inject-bins inject-certs
 	rm -rf .csp/
@ -83,7 +75,7 @@ mkosi.output.%/fedora~38/image.raw: inject-bins inject-certs
 	rm -rf .csp/
 	@echo "Image is ready: $@"

-inject-bins: $(PREBUILD_RPMS_SYSTEMD) $(PREBUILT_RPMS_AZURE) $(PREBUILT_RPMS_AWS)
+inject-bins: $(PREBUILD_RPMS_SYSTEMD) $(PREBUILD_RPMS_KERNEL)
 	mkdir -p $(MKOSI_EXTRA)/usr/bin
 	mkdir -p $(MKOSI_EXTRA)/usr/sbin
 	cp $(UPGRADE_AGENT_BINARY) $(MKOSI_EXTRA)/usr/bin/upgrade-agent
--- a/image/README.md
+++ b/image/README.md
@ -272,3 +272,11 @@ bazel run //image/upload -- qemu --verbose --raw-image mkosi.output.qemu/fedora~
 ```

 </details>
+
+## Kernel
+
+The Kernel is built from the srpm published under [edgelesssys/constellation-kernel](https://github.com/edgelesssys/constellation-kernel).
+We track the latest longterm release, use sources directly from [kernel.org](https://www.kernel.org/) and build the Kernel using the steps specified in the
+srpm spec file.
+
+After building a Kernel rpm, we upload it to our CDN and use it in our image builds.
--- a/image/mkosi.conf.d/mkosi.aws.conf
+++ b/image/mkosi.conf.d/mkosi.aws.conf
@ -1,5 +1,2 @@
 [Match]
 PathExists=../.csp/aws
-
-[Content]
-Packages=prebuilt/rpms/aws/kernel-6.1.34-59.116.amzn2023.x86_64.rpm
--- a/image/mkosi.conf.d/mkosi.azure.conf
+++ b/image/mkosi.conf.d/mkosi.azure.conf
@ -1,8 +1,2 @@
 [Match]
 PathExists=../.csp/azure
-
-# replace kernel
-[Content]
-Packages=prebuilt/rpms/azure/kernel-6.1.18-200.fc37.x86_64.rpm
-         prebuilt/rpms/azure/kernel-core-6.1.18-200.fc37.x86_64.rpm
-         prebuilt/rpms/azure/kernel-modules-6.1.18-200.fc37.x86_64.rpm
--- a/image/mkosi.conf.d/mkosi.conf
+++ b/image/mkosi.conf.d/mkosi.conf
@ -18,7 +18,11 @@ ImageId=constellation
 Output=image.raw

 [Content]
-Packages=prebuilt/rpms/systemd/systemd-251.11-2.fc37.x86_64.rpm
+Packages=prebuilt/rpms/kernel/kernel-6.1.45-100.constellation.fc38.x86_64.rpm
+         prebuilt/rpms/kernel/kernel-core-6.1.45-100.constellation.fc38.x86_64.rpm
+         prebuilt/rpms/kernel/kernel-modules-6.1.45-100.constellation.fc38.x86_64.rpm
+         prebuilt/rpms/kernel/kernel-modules-core-6.1.45-100.constellation.fc38.x86_64.rpm
+         prebuilt/rpms/systemd/systemd-251.11-2.fc37.x86_64.rpm
         prebuilt/rpms/systemd/systemd-libs-251.11-2.fc37.x86_64.rpm
         prebuilt/rpms/systemd/systemd-networkd-251.11-2.fc37.x86_64.rpm
         prebuilt/rpms/systemd/systemd-pam-251.11-2.fc37.x86_64.rpm
--- a/image/mkosi.conf.d/mkosi.gcp.conf
+++ b/image/mkosi.conf.d/mkosi.gcp.conf
@ -1,8 +1,2 @@
 [Match]
 PathExists=../.csp/gcp
-
-# replace kernel
-[Content]
-Packages=kernel
-         kernel-core
-         kernel-modules
--- a/image/mkosi.conf.d/mkosi.openstack.conf
+++ b/image/mkosi.conf.d/mkosi.openstack.conf
@ -7,6 +7,3 @@ KernelCommandLine=mem_encrypt=on kvm_amd.sev=1 module_blacklist=qemu_fw_cfg cons
 [Content]
 Autologin=yes
 Environment=CONSOLE_MOTD=true
-Packages=kernel
-         kernel-core
-         kernel-modules
--- a/image/mkosi.conf.d/mkosi.qemu.conf
+++ b/image/mkosi.conf.d/mkosi.qemu.conf
@ -4,6 +4,3 @@ PathExists=../.csp/qemu
 [Content]
 Autologin=yes
 Environment=CONSOLE_MOTD=true
-Packages=kernel
-         kernel-core
-         kernel-modules